| Message ID | 20221028123320.88132-1-xiujianfeng@huawei.com (mailing list archive) |
|---|---|
| State | Handled Elsewhere |
| Headers | show |
| Series | apparmor: Fix memleak in alloc_ns() | expand |
On 10/28/22 05:33, Xiu Jianfeng wrote: > After changes in commit a1bd627b46d1 ("apparmor: share profile name on > replacement"), the hname member of struct aa_policy is not valid slab > object, but a subset of that, it can not be freed by kfree_sensitive(), > use aa_policy_destroy() to fix it. > > Fixes: a1bd627b46d1 ("apparmor: share profile name on replacement") > Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Acked-by: John Johansen <john.johansen@canonical.com> I have pulled this into my tree > --- > security/apparmor/policy_ns.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c > index 5c38563a6dcf..fd5b7afbcb48 100644 > --- a/security/apparmor/policy_ns.c > +++ b/security/apparmor/policy_ns.c > @@ -132,7 +132,7 @@ static struct aa_ns *alloc_ns(const char *prefix, const char *name) > return ns; > > fail_unconfined: > - kfree_sensitive(ns->base.hname); > + aa_policy_destroy(&ns->base); > fail_ns: > kfree_sensitive(ns); > return NULL;
diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c index 5c38563a6dcf..fd5b7afbcb48 100644 --- a/security/apparmor/policy_ns.c +++ b/security/apparmor/policy_ns.c @@ -132,7 +132,7 @@ static struct aa_ns *alloc_ns(const char *prefix, const char *name) return ns; fail_unconfined: - kfree_sensitive(ns->base.hname); + aa_policy_destroy(&ns->base); fail_ns: kfree_sensitive(ns); return NULL;
After changes in commit a1bd627b46d1 ("apparmor: share profile name on replacement"), the hname member of struct aa_policy is not valid slab object, but a subset of that, it can not be freed by kfree_sensitive(), use aa_policy_destroy() to fix it. Fixes: a1bd627b46d1 ("apparmor: share profile name on replacement") Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> --- security/apparmor/policy_ns.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)